Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
Learn how they operate: https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html
Data Security Alert! Did you know 6% of employees paste sensitive data into AI apps weekly? Learn how to prevent data leakage in this upcoming webinar.
Read: https://thehackernews.com/2023/09/live-webinar-overcoming-generative-ai.html
Researchers warn of a new sophisticated campaign, Operation Rusty Flag, deploying Rust-based malware in Azerbaijan.
Learn how this advanced attack works: https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html
Telecom providers in the Middle East face a stealthy cyber threat called ShroudedSnooper. It uses HTTPSnoop to exploit Windows HTTP kernel drivers.
Learn more: https://thehackernews.com/2023/09/shroudedsnoopers-httpsnoop-backdoor.html
WEBINAR: Discover the power of SSPM + ITDR synergy, learn to detect and neutralize hidden SaaS security threats.
Reserve your spot now: https://thehacker.news/itdr-saas
Identity Threat Detection and Response (ITDR): Rips in Your Identity Fabric
Tactics, Techniques, Procedures... Learn how ITDR identifies and mitigates threats with the help of SSPM
XWorm, a persistent remote access trojan, has been evolving since 2022. Researchers at AnyRun uncovered its inner workings, including evasion tactics, sandbox detection, and persistence methods.
Learn more: https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html
Trend Micro releases patches for critical security flaw, CVE-2023-41179, actively exploited in real-world attacks on Apex One and Worry-Free Business Security solutions for Windows.
Read details: https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html
Critical Security Alert! GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.
Protect your code - update now: https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html
Signal messaging app's latest update adds a quantum-resistant shield. Learn how the PQXDH protocol boosts encryption against future quantum threats.
Details here: https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html
Alert: Chinese-language speakers under attack!
Multiple email phishing campaigns are distributing dangerous malware, including ValleyRAT.
Read: http://thehackernews.com/2023/09/sophisticated-phishing-campaign_20.html
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
Read: https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html
Attention IT admins! Update Nagios XI to version 5.11.2 now. The network monitoring software has patched four critical security flaws (CVE-2023-40931 to CVE-2023-40934), protecting against privilege escalation and information disclosure.
Read: https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html
Beware of Fake Exploits! A malicious actor tried to trick users with a fake WinRAR PoC exploit on GitHub, aiming to infect them with VenomRAT malware.
Learn more: https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html
Attention Linux users who downloaded the "Free Download Manager" software between 2020 and 2022:
Its website was breached in 2020, and a Ukrainian hacker group distributed malware.
Learn about the incident: https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html
Gold Melody, the financially motivated cybercrime group, is selling access to compromised organizations for ransomware attacks.
Researchers have revealed their tactics and targets: https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html
China's Ministry of State Security accuses the U.S. of cyber espionage against Huawei servers since 2009.
Read: https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html
P2PInfect Worm Alert: P2PInfect malware activity skyrockets 600x in a week. Researchers shed light on its rapid growth and evolving tactics.
Read: https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html
Sandman, a new cyber threat actor, is targeting telecom providers across continents. Read more about this cyber espionage campaign.
Read: https://thehackernews.com/2023/09/mysterious-sandman-threat-actor-targets.html
Attention users! Apple issues patches for 3 new critical zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari. Stay safe with the latest updates for your devices.
Read details: https://thehackernews.com/2023/09/apple-rushes-to-patch-3-new-zero-day.html
Security Alert! Atlassian and ISC uncover critical flaws in their products that could lead to DoS and remote code execution attacks.
Read and patch now: https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html
OilRig, Iran's state-backed actor, aims at Israeli entities with spear-phishing tactics. Learn about the Outer Space and Juicy Mix campaigns.
Read: https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html